Vladimir Garagulya, developer of the User Role Editor plugin, has patched a critical security vulnerability. User Role Editor is used to edit, manage, and create user roles and capabilities and is active on more than 300K sites.
User Role Editor 4.24 and below allows any registered user to gain administrator access. Wordfence, a popular security plugin for WordPress, has more details and explains why the plugin was vulnerable:
The author was checking if users have access to edit another user using the ‘current_user_can’ function and checking for the ‘edit_user’ (without an ‘s’ on the end) capability on a specific user ID. A user can edit themselves, and so sending data to the plugin that supplies the current user’s ID to this access check would bypass the check.
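To make the check described above concrete, here is an added example (not the plugin's own code) contrasting the weak per-user meta-capability check with a hardened version that gates role changes on a site-wide capability. The function names, the nonce action and the request parameters are assumptions for illustration.

```php
<?php
// Constructed example, not User Role Editor's code. Function names and the
// nonce action 'ure_example_save_role' are hypothetical.

// Weak check: 'edit_user' is a per-user meta capability, and WordPress grants
// every user 'edit_user' on their own ID. A low-privilege user who submits
// their own ID therefore passes this check despite holding no
// role-management capability.
function ure_example_save_role_weak( $target_user_id, $new_role ) {
    if ( ! current_user_can( 'edit_user', $target_user_id ) ) {
        wp_die( 'Insufficient permissions' );
    }
    $user = get_user_by( 'id', $target_user_id );
    $user->set_role( $new_role ); // reachable by any registered user for their own account
}

// Hardened check: role changes are gated on 'promote_users', a site-wide
// capability held only by administrators by default. The per-user check is
// kept as a second condition, and the target role is restricted to those
// the current user is actually allowed to assign.
function ure_example_save_role_hardened( $target_user_id, $new_role ) {
    check_admin_referer( 'ure_example_save_role' );      // CSRF protection for the form submission
    if ( ! current_user_can( 'promote_users' ) ) {       // site-wide cap, not the per-user meta cap
        wp_die( 'Insufficient permissions' );
    }
    if ( ! current_user_can( 'edit_user', $target_user_id ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // get_editable_roles() returns only roles the current user may assign
    // (filtered through 'editable_roles'), preventing self-promotion above
    // the caller's own level.
    $assignable = get_editable_roles();
    if ( ! isset( $assignable[ $new_role ] ) ) {
        wp_die( 'Role not assignable by current user' );
    }
    $user = get_user_by( 'id', $target_user_id );
    $user->set_role( $new_role );
}
```

When reviewing a plugin for this class of bug, look for any `current_user_can( 'edit_user', ... )` call that guards an action more sensitive than editing a profile, since that check alone is satisfied by the user acting on themselves.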
Users should immediately upgrade to 4.25 to protect sites from this vulnerability.